A Multi-Layered Defense Approach to Safeguard Against Ransomware

Pagan, Alexander; Elleithy, Khaled

doi:10.1109/ccwc51732.2021.9375988

Cited by 8 publications

(4 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hybrid techniques employ multiple detection and protection techniques in a multi-layered approach for detection and prevention of ransomware attacks. Jr and Elleithy [66], proposed a five-layered approach to prevent and safeguard against ransomware attacks, which includes perimeter defense, network defense, endpoint defense, data backup and recovery, and end-user awareness and training. Patyal et al [67], proposed a multi-layered defense architecture against ransomware attacks consisting of six layers: network, host, application, data, backup, and user education.…”

Section: Hybrid Detection Techniquesmentioning

confidence: 99%

Feature Selection using Particle Swarm Optimization and Ensemble-based Machine Learning Models for Ransomware Detection

Gurukala,

Verma

2023

Preprint

View full text Add to dashboard Cite

Ransomware attacks have become a major threat to organizations and individuals, as such an attack can cause significant financial loss and disruption to business operations. Traditional methods of ransomware detection, such as signature-based detection and heuristic-based detection, have proven to be inadequate in dealing with the constantly evolving ransomware variants. Machine learning (ML)-based detection methods have shown promise in detecting ransomware. These methods rely on the extraction of relevant features from the samples and the training of a classifier to distinguish between ransomware and non-ransomware samples. Due to the high dimensionality of the feature space, machine learning algorithms can be employed to identify a crucial subset of features which in turn enhances the detection accuracy. This research presents a novel approach that combines ensemble classifiers with feature selection using the Particle Swarm Optimization (PSO) algorithm. The objective is to improve the detection accuracy and reduce false positives and false negatives in classification tasks. Two separate ensemble models were constructed: one comprising Random Forest (RF) and Support Vector Machine (SVM) classifiers, and the other consisting of Decision Tree (DT) and K-Nearest Neighbors (KNN) classifiers. The PSO algorithm was employed to determine the optimal features and their corresponding weights for each ensemble classifier. Experiments were conducted to evaluate the performance of the proposed approach and the results demonstrated that integrating PSO for feature selection significantly enhanced the overall detection rate compared to using all features with equal weights. By identifying the most relevant features and assigning appropriate weights, the ensemble classifiers achieved higher accuracy and improved the overall classification performance.

show abstract

Section: Hybrid Detection Techniquesmentioning

confidence: 99%

Feature Selection using Particle Swarm Optimization and Ensemble-based Machine Learning Models for Ransomware Detection

Gurukala,

Verma

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Early ransomware defense strategies revolved around regular data backups and user education, aiming to mitigate the impact of data loss and avoid ransom payments [12,13,26]. Antivirus software, initially designed to detect known malware signatures, evolved to include heuristic analysis, enabling the detection of previously unknown ransomware variants, and security researchers demonstrated the efficacy of whitelisting applications as a means to prevent ransomware execution on protected systems [11,27]. The use of behavior-based detection tools became prevalent, focusing on identifying abnormal file modification activities indicative of ransomware behavior [12,[28][29][30][31][32].…”

Section: Ransomware Defense Strategiesmentioning

confidence: 99%

“…The impetus behind the development of self-healing networks is rooted in the critical need to overcome the deficiencies of traditional network security frameworks, especially in the face of the continuously evolving and increasingly sophisticated nature of ransomware attacks [10]. Conventional security measures, including firewalls and antivirus software, typically function on a reactive basis and rely heavily on predefined rules and known threat patterns, rendering them less effective against new or advanced ransomware variants that can rapidly adapt and mutate [11]. In contrast, self-healing networks represent a proactive and fluid approach to network security [6,10].…”

Section: Introductionmentioning

confidence: 99%

Self-Healing Networks: Adaptive Responses to Ransomware Attacks

Almeida,

Vasconcelos

2023

Preprint

View full text Add to dashboard Cite

This study presents an in-depth analysis and evaluation of self-healing networks as an innovative solution to combat the escalating threat of ransomware attacks. Recognizing the limitations of traditional network security methods in the face of advanced cyber threats, the research focuses on the development and implementation of self-healing networks, characterized by their dynamic, intelligent response systems. Utilizing a combination of artificial intelligence and machine learning algorithms, these networks demonstrate remarkable adaptability and resilience. Through rigorous simulations, the study examines the efficacy of self-healing networks in detecting, isolating, and recovering from ransomware attacks, with an emphasis on their ability to learn and evolve from each incident. The research highlights the strengths and limitations of these networks and discusses their potential applications in various sectors. The findings suggest that self-healing networks, with their proactive and adaptive defense mechanisms, represent a significant advancement in cybersecurity strategies, offering a robust solution against a range of cyber threats. Future work is recommended to further enhance the capabilities of self-healing networks, particularly in the areas of speed, detection accuracy, and quantum-resistant security measures.

show abstract

“…In addition to the previous most adopted ones, a variety of other prevention schemes can be found in the literature. For instance, a multi-layered prevention system is proposed in references [130,131], where, among other possible techniques, anti-malware software deployment, firewall configuration, DNS/Web filtering and email security can be considered. In this way, in case of a ransomware incident, the multi-layer defence will allow us to recover data.…”

mentioning

confidence: 99%

Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges

Gómez Hernández,

García Teodoro,

Magán Carrión

et al. 2023

Electronics

View full text Add to dashboard Cite

According to the premise that the first step to try to solve a problem is to deepen our knowledge of it as much as possible, this work is mainly aimed at diving into and understanding crypto-ransomware, a very present and true-world digital pandemic, from several perspectives. With this aim, this work contributes the following: (a) a review of the fundamentals of this security threat, typologies and families, attack model and involved actors, as well as lifecycle stages; (b) an analysis of the evolution of ransomware in the past years, and the main milestones regarding the development of new variants and real cases that have occurred; (c) a study of the most relevant and current proposals that have appeared to fight against this scourge, as organized in the usual defence lines (prevention, detection, response and recovery); and (d) a discussion of the current trends in ransomware infection and development as well as the main challenges that necessarily need to be dealt with to reduce the impact of crypto-ransomware. All of this will help to better understand the situation and, based on this, will help to develop more adequate defence procedures and effective solutions and tools to defeat attacks.

show abstract

A Multi-Layered Defense Approach to Safeguard Against Ransomware

Cited by 8 publications

References 6 publications

Feature Selection using Particle Swarm Optimization and Ensemble-based Machine Learning Models for Ransomware Detection

Feature Selection using Particle Swarm Optimization and Ensemble-based Machine Learning Models for Ransomware Detection

Self-Healing Networks: Adaptive Responses to Ransomware Attacks

Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges

Contact Info

Product

Resources

About